Authentication

Browntape will use a key based authentication system to identify the user trying to access the application via the API. For each Browntape account, the owner will have the right to create an API user. The API user will have the usual username and password, but also an api_secret field. 

All API requests sent to Browntape will need to contain an auth_string and the username for the authentication to complete. This auth_string needs to be created as below

Note: 

• A new user needs to be added to the Browntape account with role as “API”

• The username and password can be set by hand. Please keep the username as an email address.

• The api_secret is an auto-generate string that you will need to use to sign the API requests.

• bt_hash() is an unauthenticated method that is exposed by Browntape which you can use to hash any string. This is basically an md5 hash with a specific salt.

• An http request to http://app.browntape.com/users/bt_hash/<string> will return the bt_hash of that string. You can use this for forming the auth_string. This value can be cached for a session.

Note: With all subsequent API requests, the username and the auth_string has to be sent. There are 2 ways to send this:

1. Via the url params like so: https://app.browntape.com/0.1/companies/details.json?username=XXXX&auth_string=YYYY

2. Or via header params: X-username and X-auth-string

General Notes

• All dates in the system are stored as UTC timezone, please convert to user timezone before display.

• All dates passed with API requests need to be in 'yyyy-mm-dd HH:ii:ss' format.